AMENDMENTS TO THE CLAIMS

Claims pending 

• At time of the Action: Claims 1-30.

• After this Response: Claims 1, 4, 7-10, 12-15, 17 and 21-30.
Canceled or Withdrawn claims: 2, 3, 5, 6, 11, 16, and 18-20.
Amended claims: 1, 4, 7, 10, 12, 15, 17 and 21.

New claims: None. 

1. (Currently Amended) A method comprising:

creating an enterprise policy object providing an enterprise-wide policy governing at 
least one of resource access and protocol use for a plurality of nodes within a networking 
environment organized within a plurality of arrays; 

creating at least one array policy object, each array policy object providing an array- 
wide policy governing resource access for one or more of the plurality of nodes organized 
within a corresponding array, and, 

for each of one or more of the at least one array policy object, inheriting an instance
of the enterprise-wide policy as the array-wide policy such that the array-wide policy of each 
array policy object is at least initially set to the enterprise-wide policy; 

for each of one or more of the at least one array policy object, adjusting the array-
wide policy after the array-wide policy has inherited the enterprise-wide policy;

wherein the enterprise-wide policy includes a plurality of enterprise rules, each
enterprise rule governing at least one of access to a particular resource and use of a particular
protocol, each enterprise rule having a rule type selected from a positive rule type and a
negative rule type, the positive rule type explicitly allowing at least one of access and use and
the negative rule type explicitly denying at least one of access and use; and,

wherein each array-wide policy includes a plurality of array rules, the plurality of
array rules at least initially equal to the plurality of enterprise rules upon the enterprise-wide
policy inherited as each array-wide policy.

2-3. (Canceled). 

4. (Currently Amended) The method of claim 1, further comprising, for a requested
access via a requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol, such that the requested access via the requested protocol is allowed only where the 
requested access via the requested protocol is explicitly allowed by the plurality of rules and 
not explicitly denied by the plurality of rules; 

allowing the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is allowed; and, 

denying the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is not allowed. 



5-6. (Canceled).

7. (Currently Amended) The method of claim 1, wherein adjusting the array-wide
policy comprises adding one or more new array rules to the plurality of array rules, each of
the new array rules having a negative rule type explicitly denying one of access to a 
particular resource and use of a particular protocol. 

8. (Original) The method of claim 7, further comprising, for a requested access via a 
requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol such that the requested access via the requested protocol is allowed only where the 
requested access via the requested protocol is explicitly allowed by the plurality of rules and 
not explicitly denied by the plurality of rules; 

allowing the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is allowed; and, 

denying the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is not allowed. 

9. (Original) A computer-readable medium having stored thereon a computer 
program executable by a processor to perform the method of claim 1 . 

10. (Currently Amended) A method comprising:

creating an enterprise policy object providing an enterprise-wide policy governing
resource access of a plurality of nodes within a networking environment organized within a 
plurality of arrays; 

creating at least one array policy object, each array policy object providing an array-
wide policy governing resource access for one or more of the plurality of nodes organized 
within a corresponding array; 

for each policy object, inheriting an instance of the enterprise-wide policy as the 
array-wide policy such that the array-wide policy of each array policy object is initially set to 
the enterprise-wide policy;

for each one or more of the at least one array policy object, adjusting the array-wide
policy after the array-wide policy has inherited the enterprise-wide policy;

wherein the enterprise-wide policy includes a plurality of enterprise rules, each
enterprise rule governing at least one of access to a particular resource and use of a
particular protocol, each enterprise rule having a rule type selected from a positive rule type
and a negative rule type, the positive rule type explicitly allowing at least one of access and
use and the negative rule type explicitly denying at least one of access and use; and,

wherein each array-wide policy includes a plurality of array rules, the plurality of
array rules initially equal to the plurality of enterprise rules upon the enterprise-wide policy
inherited as each array-wide policy.



11. (Canceled).

12. (Currently Amended) The method of claim 10, wherein adjusting the array-
wide policy comprises adding one or more new array rules to the plurality of array rules, 
each of the new array rules having the negative rule type. 

13. (Original) The method of claim 12, further comprising, for a requested access via 
a requested protocol by a node organized within one of the plurality of arrays, 

applying the array-wide policy of the policy object corresponding to the one of the 
plurality of arrays to determine whether to allow the requested access via the requested 
protocol, such that the requested access via the requested protocol is allowed only where the 
requested access via the requested protocol is explicitly allowed by the plurality of rules and
not explicitly denied by the plurality of rules; 

allowing the requested access via the requested protocol in response to determining 
that the requested access via the requested protocol is allowed; and,

denying the requested access via the requested protocol in response to determining
that the requested access via the requested protocol is not allowed. 

14. (Original) A computer-readable medium having stored thereon a computer 
program executable by a processor to perform the method of Claim 10. 

15. (Currently Amended) A system for governing resource access among a plurality 
of nodes within a networking environment, at least some of the plurality of nodes organized 
within a plurality of arrays, the system comprising:

an enterprise-policy object providing an enterprise-wide policy governing resource
access for nodes organized within at least one of the plurality of arrays; and, 

at least one array policy object, each array policy object providing an array-wide 
policy governing resource access for nodes organized within the corresponding array, one or 
more of the at least one array policy object inheriting an instance of the enterprise-wide 
policy as the array-wide policy such that the array-wide policy is at least initially set to the 
enterprise-wide policy; 

wherein the array-wide policy provided by each of the at least one array policy object 
other than the one or more of the at least one array policy object inheriting the enterprise- 
wide policy does not inherit the enterprise-wide policy;

wherein the enterprise-wide policy includes a plurality of enterprise rules, each 
enterprise rule governing at least one of access to a particular resource and use of a particular 
protocol, each enterprise rule having a rule type selected from a positive rule type and a 
negative rule type, the positive rule type explicitly allowing at least one of access and use and 
the negative rule type explicitly denying at least one of access and use;

wherein the array-wide policy provided by each of the one or more of the at least one
array policy object includes a plurality of first array rules at least initially equal to the
plurality of enterprise rules upon the enterprise-wide policy inherited as each array-wide
policy; and,

wherein the array-wide policy provided by each of the at least one array policy object
other than the one or more of the at least one array policy object inheriting the enterprise-
wide policy includes a plurality of second array rules not initially equal to the plurality of
enterprise rules, each second array rule having a rule type selected from the positive rule type
and the negative rule type.

16. (Canceled). 

17. (Currently Amended) The system of claim 15, wherein the array-wide policy
provided by each of the one or more of the at least one array policy object includes a plurality
of array rules at least initially equal to the plurality of enterprise rules upon the enterprise-
wide policy inherited as each array-wide policy.

18-20. (Canceled).

21. (Currently Amended) The system of claim-20Jl, where the array-wide policy
provided by each of the one or more of the at least one array policy object further includes
one or more other first array rules, each of the one or more other first array rules having the
negative rule type. 

22. (Original) The system of claim 15, further comprising at least one node policy 
object, each node policy object providing a node policy governing resource access for a 
corresponding node of the plurality of nodes other than the one or more of the plurality of 
nodes organized within the plurality of arrays.

23. (Original) The system of claim 22, wherein the node policy includes a plurality
of node rules, each node rule governing at least one of access to a particular resource and use 
of a particular protocol, each node rule having a rule type selected from a positive rule type 
and a negative rule type, the positive rule type explicitly allowing at least one of access and 
use and the negative rule type explicitly denying at least one of access and use. 

24. (Previously Presented) The method of claim 3, wherein the enterprise-wide 
policy and the array-wide policy are overseen according to one of a plurality of modes 
comprising: 

an enterprise-only mode; 
an integrated mode; 
an array-only mode; and 
a stand-alone mode. 

25. (Previously Presented) The method of claim 24 wherein, when overseen 
according to the integrated mode, each array rule added to the array-wide policy beyond
those inherited from the enterprise-wide policy is of the negative rule type. 

26. (Previously Presented) The method of claim 1, wherein the enterprise-wide 
policy is capable of governing both resource access and protocol use.

27. (Previously Presented) The method of claim 26, wherein governing protocol use
comprises: 

allowing the use of at least one protocol; and 
denying the use of at least one protocol. 

28. (Previously Presented) The method of claim 1, wherein: 

the enterprise policy object is secured with a first set of security permissions; and 
the array policy object is secured with a second set of security permissions. 

29. (Previously Presented) The method of claim 28, wherein each set of policy object 
security permissions comprises: 

a read permission; 
a write permission; and 
a change permission. 

30. (Previously Presented) The method of claim 29, wherein each set of policy object 
security permissions further comprises: 

a write owner permission; 

a write discretionary access control permission; and 

a change system access control list permission. 
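
The inheritance and evaluation steps recited in claims 1, 4 and 7, as an added example that is not part of the application or of any product it describes: an array policy starts as a copy of the enterprise rules, is adjusted with a negative rule, and a request is allowed only when explicitly allowed and not explicitly denied. The class names, the rule-matching model (a rule naming no resource or no protocol matches any) and the sample hosts are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    allow: bool                      # True = positive rule type, False = negative
    resource: Optional[str] = None   # None: rule does not name a resource
    protocol: Optional[str] = None   # None: rule does not name a protocol

    def matches(self, resource: str, protocol: str) -> bool:
        return (self.resource in (None, resource)
                and self.protocol in (None, protocol))

@dataclass
class Policy:
    rules: List[Rule] = field(default_factory=list)

    def decide(self, resource: str, protocol: str) -> bool:
        hits = [r for r in self.rules if r.matches(resource, protocol)]
        # Allowed only if explicitly allowed AND not explicitly denied;
        # a request that no rule matches is therefore refused.
        return any(r.allow for r in hits) and all(r.allow for r in hits)

class ArrayPolicy(Policy):
    def __init__(self, enterprise: Optional[Policy] = None):
        # Inherit an instance (a copy) of the enterprise rules, or start empty.
        super().__init__(list(enterprise.rules) if enterprise else [])
        self.inherited = enterprise is not None

    def adjust(self, rule: Rule) -> None:
        # Assumption: an inheriting array may only tighten (claims 7 and 25).
        if self.inherited and rule.allow:
            raise ValueError("inheriting array may only add negative rules")
        self.rules.append(rule)

def demo():
    # Constructed sample rules; host and protocol names are illustrative.
    enterprise = Policy([Rule(True, protocol="http"),
                         Rule(True, "files.corp.example", "ftp"),
                         Rule(False, protocol="telnet")])
    branch = ArrayPolicy(enterprise)
    branch.adjust(Rule(False, resource="files.corp.example"))
    return enterprise, branch
```

Because the array holds its own copy, the negative rule added to `branch` leaves the enterprise policy unchanged, and a deny always wins over a matching allow.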